1 files changed, 5 insertions, 17 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index b8b79992797e..f96573304f5b 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -165,25 +165,13 @@ icmp_error_message(struct sk_buff *skb,
        h = nf_conntrack_find_get(&innertuple);
        if (!h) {
-                /* Locally generated ICMPs will match inverted if they
+                pr_debug("icmp_error_message: no match\n");
-                   haven't been SNAT'ed yet */
+                return -NF_ACCEPT;
-                /* FIXME: NAT code has to handle half-done double NAT --RR */
-                if (hooknum == NF_IP_LOCAL_OUT)
-                        h = nf_conntrack_find_get(&origtuple);
-                if (!h) {
-                        pr_debug("icmp_error_message: no match\n");
-                        return -NF_ACCEPT;
-                }
-                /* Reverse direction from that found */
-                if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
-                        *ctinfo += IP_CT_IS_REPLY;
-        } else {
-                if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
-                        *ctinfo += IP_CT_IS_REPLY;
        }
+        if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
+                *ctinfo += IP_CT_IS_REPLY;
        /* Update skb to refer to this connection */
        skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
        skb->nfctinfo = *ctinfo;

diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index b8b79992797e..f96573304f5b 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -165,25 +165,13 @@ icmp_error_message(struct sk_buff *skb,
165		165
166	h = nf_conntrack_find_get(&innertuple);	166	h = nf_conntrack_find_get(&innertuple);
167	if (!h) {	167	if (!h) {
168	/* Locally generated ICMPs will match inverted if they	168	pr_debug("icmp_error_message: no match\n");
169	haven't been SNAT'ed yet */	169	return -NF_ACCEPT;
170	/* FIXME: NAT code has to handle half-done double NAT --RR */
171	if (hooknum == NF_IP_LOCAL_OUT)
172	h = nf_conntrack_find_get(&origtuple);
173
174	if (!h) {
175	pr_debug("icmp_error_message: no match\n");
176	return -NF_ACCEPT;
177	}
178
179	/* Reverse direction from that found */
180	if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
181	*ctinfo += IP_CT_IS_REPLY;
182	} else {
183	if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
184	*ctinfo += IP_CT_IS_REPLY;
185	}	170	}
186		171
		172	if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
		173	*ctinfo += IP_CT_IS_REPLY;
		174
187	/* Update skb to refer to this connection */	175	/* Update skb to refer to this connection */
188	skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;	176	skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
189	skb->nfctinfo = *ctinfo;	177	skb->nfctinfo = *ctinfo;